Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Elio Galli 0 posts 20 karma points
    Jun 23, 2009 @ 16:48
    Elio Galli
    0

    Members and Active Directory (How to)

    Hi to all,
    I restricted access to my website only to Active Directory Users with the Active Directory membership provider.

    Now I must create 2 nodes with a restricted access to 2 members groups.
    When i try to create a new member in umbraco incur in a creation error (but with default membership providers all works perfectly).
    Also Idon't view the Member Type node.
    Can anyone help me to resolve this issue?

    Is there a method to view in umbraco member section the active directory's users

    Thank you in advance
    AF

  • Chris Dunn 75 posts 127 karma points
    Jul 01, 2009 @ 05:14
    Chris Dunn
    0

    Using the active directory membership provider means that you can't use the umbraco membership provider in the same way.  I believe a AD user must login first before they appear in the users section.  Once they have logged in once, you can assign groups to them, etc.  I found a similar problem when trying to use AD for the user membership provider.  I ended up creating a custom membership provider by creating a copy of the default membership provider code and overriding the login validation method to validate the password against AD.  This lets you manage the users(members) using umbraco including create, while still validating the password against AD.

  • Aaron Powell 1708 posts 3045 karma points c-trib
    Jul 01, 2009 @ 05:23
    Aaron Powell
    0

    Umbraco 4 supports the standard ASP.NET Forms Based Authentication, which in turn has an Active Directory provider.

    Although I doubt you'll find someone who's used it with Umbraco here's a how-to on using it: http://msdn.microsoft.com/en-us/library/ms998360.aspx

  • Chris Dunn 75 posts 127 karma points
    Jul 01, 2009 @ 05:43
    Chris Dunn
    0

    Slace,

    Does the ActiveDirectory Provider allow you to fully manage users/members in umbraco, including create. We first implemented the AD provider for the backend but found that the user had to login once before they would appear in the users sections and only then could we assign proper roles and node access.

  • Aaron Powell 1708 posts 3045 karma points c-trib
    Jul 01, 2009 @ 05:50
    Aaron Powell
    0

    In theory it will allow for full management of the users within Umbraco, the Member tree (and User tree) go via the MembershipProviders (or at least they should, if they don't that a bug that needs to be submitted).

    This means that all operations supported by the MembershipProvider should just work, and since the ActiveDirectoryMembershipProvider does support a CreateUser method I don't see why it wouldn't work.

    You need to take into account the permission of the user running the site, if the account doesn't have the appropriate AD rights then it wont work anyway. Personally I'd write my own provider on top of the ActiveDirectoryMembershipProvider which I would then overrite the CreateUser method to disable it as I wouldn't want the ability to create AD accounts from Umbraco.

    But yeah, in theory it will work just fine.

  • Chris Dunn 75 posts 127 karma points
    Jul 01, 2009 @ 06:04
    Chris Dunn
    0

    I favored the custom provider too and ended up creating a 'blended' provider.  We create our users as 'umbraco' users and upon login first check that they exist as an umbraco user and if so we attempt to validate the user/password against ActiveDirectory.  If the user doesn't exist as in AD but exists as an umbraco user we validate using the umbraco password.  It allows us to give external users access to umbraco with giving them an AD account.

  • Mindy 4 posts 74 karma points
    Jan 18, 2017 @ 18:15
    Mindy
    0

    Chris... I need to create the same 'blended' provider. Can you direct on how to do this for Umbraco 7.5+?

  • Aaron Powell 1708 posts 3045 karma points c-trib
    Jul 01, 2009 @ 06:15
    Aaron Powell
    0

    well it ultimately comes down to how you need to provide access. If you were doing an intranet then I could see AD as a viable choice and you would be likely to want to use the standard AD authentication, and only have a single place of user management.

    AD on public sites isn't something I've ever been asked to implement, generally because you don't want non-employee's on your domain ;)

  • Chris Dunn 75 posts 127 karma points
    Jul 01, 2009 @ 06:30
    Chris Dunn
    0

    sorry...meant to say 'without' giving them access to ActiveDirectory.  Solution works well if you use external consultants as we do and need to provide them access to edit content (not publish) but don't want to provide them a short term AD account. ;)

  • tarekahf 215 posts 153 karma points
    Apr 22, 2010 @ 23:14
    tarekahf
    0

    Hi Chris,

    I liked your approach for implementing AD Integration. I am about to deply my first website for our Intranet, and I want to implement mixed authentication mode. 

    I appreciate it if you could provide me with more detials on how you implemented this.

    Tarek.

  • Maritza 29 posts 49 karma points
    May 02, 2012 @ 16:37
    Maritza
    0

    How do you provide access to just one section on the website using AD?

    I need help please!!

     

     

     

Please Sign in or register to post replies

Write your reply to:

Draft